mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-24 17:03:27 +01:00
Merge pull request #15402 from Security-Onion-Solutions/bravo
allow logstash.ssl for eval and import. fix soup create_ca_pillar
This commit is contained in:
Josh Patterson
GitHub
@@ -73,7 +73,8 @@
|
|||||||
'so-eval': (
|
'so-eval': (
|
||||||
manager_states +
|
manager_states +
|
||||||
sensor_states +
|
sensor_states +
|
||||||
elastic_stack_states | reject('equalto', 'logstash') | list
|
elastic_stack_states | reject('equalto', 'logstash') | list +
|
||||||
|
['logstash.ssl']
|
||||||
),
|
),
|
||||||
'so-heavynode': (
|
'so-heavynode': (
|
||||||
sensor_states +
|
sensor_states +
|
||||||
@@ -85,7 +86,7 @@
|
|||||||
'so-import': (
|
'so-import': (
|
||||||
manager_states +
|
manager_states +
|
||||||
sensor_states | reject('equalto', 'strelka') | reject('equalto', 'healthcheck') | list +
|
sensor_states | reject('equalto', 'strelka') | reject('equalto', 'healthcheck') | list +
|
||||||
['elasticsearch', 'elasticsearch.auth', 'kibana', 'kibana.secrets', 'strelka.manager']
|
['elasticsearch', 'elasticsearch.auth', 'kibana', 'kibana.secrets', 'logstash.ssl', 'strelka.manager']
|
||||||
),
|
),
|
||||||
'so-manager': (
|
'so-manager': (
|
||||||
manager_states +
|
manager_states +
|
||||||
|
|||||||
@@ -560,29 +560,32 @@ wait_for_salt_minion() {
|
|||||||
local logfile="${4:-'/dev/stdout'}"
|
local logfile="${4:-'/dev/stdout'}"
|
||||||
local elapsed=0
|
local elapsed=0
|
||||||
|
|
||||||
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Waiting for salt-minion '$minion' to be ready..." | tee -a "$logfile"
|
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Waiting for salt-minion '$minion' to be ready..."
|
||||||
|
|
||||||
while [ $elapsed -lt $max_wait ]; do
|
while [ $elapsed -lt $max_wait ]; do
|
||||||
# Check if service is running
|
# Check if service is running
|
||||||
|
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Check if salt-minion service is running"
|
||||||
if ! systemctl is-active --quiet salt-minion; then
|
if ! systemctl is-active --quiet salt-minion; then
|
||||||
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion service not running (elapsed: ${elapsed}s)" | tee -a "$logfile"
|
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion service not running (elapsed: ${elapsed}s)"
|
||||||
sleep $interval
|
sleep $interval
|
||||||
elapsed=$((elapsed + interval))
|
elapsed=$((elapsed + interval))
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion service is running"
|
||||||
|
|
||||||
# Check if minion responds to ping
|
# Check if minion responds to ping
|
||||||
|
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Check if $minion responds to ping"
|
||||||
if salt "$minion" test.ping --timeout=3 --out=json 2>> "$logfile" | grep -q "true"; then
|
if salt "$minion" test.ping --timeout=3 --out=json 2>> "$logfile" | grep -q "true"; then
|
||||||
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion '$minion' is connected and ready!" | tee -a "$logfile"
|
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - salt-minion '$minion' is connected and ready!"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Waiting... (${elapsed}s / ${max_wait}s)" | tee -a "$logfile"
|
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - Waiting... (${elapsed}s / ${max_wait}s)"
|
||||||
sleep $interval
|
sleep $interval
|
||||||
elapsed=$((elapsed + interval))
|
elapsed=$((elapsed + interval))
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - ERROR: salt-minion '$minion' not ready after $max_wait seconds" | tee -a "$logfile"
|
echo "$(date '+%a %d %b %Y %H:%M:%S.%6N') - ERROR: salt-minion '$minion' not ready after $max_wait seconds"
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
# Elastic License 2.0.
|
# Elastic License 2.0.
|
||||||
|
|
||||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||||
{% if sls.split('.')[0] in allowed_states %}
|
{% if sls in allowed_states or sls.split('.')[0] in allowed_states %}
|
||||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||||
{% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %}
|
{% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %}
|
||||||
{% from 'ca/map.jinja' import CA %}
|
{% from 'ca/map.jinja' import CA %}
|
||||||
|
|||||||
@@ -680,11 +680,6 @@ post_to_2.4.210() {
|
|||||||
POSTVERSION=2.4.210
|
POSTVERSION=2.4.210
|
||||||
}
|
}
|
||||||
|
|
||||||
post_to_2.4.220() {
|
|
||||||
echo "Nothing to apply"
|
|
||||||
POSTVERSION=2.4.220
|
|
||||||
}
|
|
||||||
|
|
||||||
repo_sync() {
|
repo_sync() {
|
||||||
echo "Sync the local repo."
|
echo "Sync the local repo."
|
||||||
su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."
|
su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."
|
||||||
@@ -968,14 +963,9 @@ up_to_2.4.201() {
|
|||||||
up_to_2.4.210() {
|
up_to_2.4.210() {
|
||||||
# Elastic Update for this release, so download Elastic Agent files
|
# Elastic Update for this release, so download Elastic Agent files
|
||||||
determine_elastic_agent_upgrade
|
determine_elastic_agent_upgrade
|
||||||
|
|
||||||
INSTALLEDVERSION=2.4.210
|
|
||||||
}
|
|
||||||
|
|
||||||
up_to_2.4.220() {
|
|
||||||
create_ca_pillar
|
create_ca_pillar
|
||||||
|
|
||||||
INSTALLEDVERSION=2.4.220
|
INSTALLEDVERSION=2.4.210
|
||||||
}
|
}
|
||||||
|
|
||||||
add_hydra_pillars() {
|
add_hydra_pillars() {
|
||||||
|
|||||||
Reference in New Issue
Block a user